Oct 10 2003, 09:34 AM
Whenever I try to look at a large thread - the 'Questions' thread, say - internet security registers what may be an attack, usually from the IP 18.104.22.168 but sometimes from others, "characteristic of an MS_RPC_DCOM_BufferOverflow attack". I can't view these threads unless I disable security. Any idea what's going on?
Oct 10 2003, 10:10 AM
Odd... That IP is from the same range/ISP as you are using now. What are you using for security?
Oct 10 2003, 10:11 AM
Norton Internet Security. Yes, I know, it sucks.
Oct 10 2003, 10:14 AM
An attempt to look at the 'Whatchoo Listenin' to, Foo'?" thread just gave me an "attack" from 22.214.171.124 and 126.96.36.199.
Oct 10 2003, 10:16 AM
Norton's OK, you just want a more beefed up version than that. I'm running their products myself, and I've never had the problem you seem to have. I'd be inclined to speak to your ISP about it, because it's coming from one of their addresses.
Oct 10 2003, 10:19 AM
I'm sure it's not an attack. Why would big threads attack me? It's happened with the Official Spam Thread, the Ask Each Other Questions thread, the Whatchoo' Listenin' To, Foo'? thread, and the Song-Based Chain Quiz thread. All threads with a lot of replies, which seems quite a bizarre correlation.
Oct 10 2003, 10:21 AM
Erm... It may well be an attack, just not coming from those threads. They come up clear for me. We don't even have any posts from any of those IPs. Possibly some monkey is poking at you and switching apparent addresses while doing so.
Oct 10 2003, 10:24 AM
Well, I don't know anything about this sort of thing, it just seems odd to me that this would get registered only when I look at threads with a lot of replies. Also, Norton's been picking this up since I installed it a day or two ago, which would imply that it's been going on for a while and I haven't noticed it. This leads me to wonder what they (if there is a "they") are doing. Also, do you know what an "MS_RPC_DCOM_BufferOverflow" attack is?
Oct 10 2003, 05:05 PM
I've no idea what's going on there, I've not encountered that myself. I've got the latest version of Norton's Firewall and Anti-virus running on my machine and not had that happen. I'd be inclined to agree with Mr Fuzzy, it sounds like there may be someone poking at your machine... Maybe trying to ride in on the back of large internet file downloads? Is such a thing possible?
I'm not convinced by the new version of Norton Anti-virus, I've had nothing but problems with it since I first installed it... Then again, it was pretty much hot-off-the-press so perhaps they hadn't got all the bugs out, it wasn't even in shops, I bought a downloaded version directly from their site. I've had to re-install it three times and sometimes it doesn't recognise me when Windows starts and I have to restart the computer.
Sir Psycho Sexy
Oct 19 2003, 12:10 PM
I used to get that a lot actually, dodgy IP's that kept coming from china or some obsure place (not that china's obscure) so i uninstalled it, it was giving me grief about legitimate things and i decided it wasn't worth the hassle....so i uninstalled it, no problems here...well one or two viruses....hmm....might be an idea to reinstall it after all >_>
Oct 20 2003, 10:13 AM
This is not THE ANSWER but its a point:
There is a thing that Norton Firewall does to me when I connect via FTP to certain servers, ftp being a different kettle of fish from http. For security reasons, the server dynamically changes port numbers a lot, to make it more difficult to hack. This rapid change of port numbers makes Norton Firewall think I'm getting port-scanned, and it locks up on that IP. In order for it to work, I have to tell NF to stop getting bloody paranoid with THAT SPECIFIC IP.
Now then, you're getting an 'over-flow' related thing from your ISPs IP range, with an alleged accomplice on some other IP ... I'm guessing that your ISP may have some dynamic malarky going on that is being INTERPRETED as something bad ... It may be that you have to tell the firewall to go easy on your ISP's IP range ... This would leave your computer open to some bad stuff, like if another user of your ISP has a virus/trojan job happening ... I would reccommend trying to talk with somebody WHO KNOWS WHAT THEY'RE DOING at your ISP, and find out what they are doing .... If they dont answer or if they deny everything, I suggest dressing up as Big Bird from Sesame Street, and parading outside thier offices with a sandwich board that says 'My ISP suck dog saussies' until they find an answer....
good luck ....
Oct 20 2003, 10:26 AM
QUOTE (Pab @ Oct 20 2003, 11:22 AM)
I would reccommend trying to talk with somebody WHO KNOWS WHAT THEY'RE DOING at your ISP, and find out what they are doing....
Hah! He'll be lucky - I think his ISP is NTL, and while they do have some competent people there, you need to spend quite some time and effort talking to people in a call centre (possibly orbiting Io) to get to them.
I'm on NTL myself, and haven't had similar problems. The only partucularly awkward thing I know of that they have set up is transparent proxy caching. You can read something about it here.
I doubt that has anything to do with the question at hand though.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here